What You Need to Know About Smishing

If it seems like hackers and scammers find new ways to attack your data every day, then you’re not too far off base. With every new platform, software, or app that comes out, someone invariably finds a way to use it to their advantage. The end result can be a breach in your personal security and a loss of your identity.

But with every new form of attack—spoofing, phishing, hacking, and more—the public has to learn about the threat and learn how to protect themselves from it. That’s why staying on top of a new form of security threat is critical to protecting yourself.

There’s a new form of security danger out there, and this one specifically targets your smartphone. Smishing, as the attack is called, uses the hackers’ old favorite—phishing, or sending out emails that entice you to click a link that actually downloads malicious software—to install a Trojan or virus on your phone. As its name implies, smishing comes from “SMS phishing,” as SMS is the acronym that applies to text messages.

Obviously, a smishing attack goes after your device via text message, and it happens when you get a message from an unknown number that offers you some sort of incentive. It might be telling you about a free offer, a coupon, something wrong with your account, or even more likely, it might claim that “your friend” has sent you a game request or message. Unfortunately, the weblink in the text will install malicious software on your phone once you press it.

Unlike viruses of the “olden days” that sought to lock up your computer or disable your files, smishing attacks generally don’t even want you to know they’re there. They want to exist inside your device and continue to feed information back to the hacker, information like your contacts list, your email address book, and any passwords you enter for apps or accounts you use.

While there are antivirus apps available for smartphones, it can be difficult to completely remove malicious software from a smartphone once it’s infected. Depending on the virus, the only available option may be to reset the phone to its factory settings, which will remove all of your content out of the phone. By far, the better option is to avoid installing this type of threat in the first place. Just remember the rule that goes for emails and social media messages, and apply the same smart practice to your mobile device: never click a link that you weren’t expecting.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.